These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-3055 is a Citrix NetScaler out-of-bounds read vulnerability that CISA added to the Known Exploited Vulnerabilities (KEV) catalog on 2026-03-30. Because it is listed in KEV, defenders should treat it as a high-priority exposure and act on vendor guidance without delay. The supplied corpus does not include affected-version detail or a technical exploitation description beyond the vulnerability clas [truncated]
CVE-2025-7775 is a Citrix NetScaler memory overflow vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-08-26. Because it is listed in KEV, defenders should treat remediation as urgent and follow vendor guidance immediately.
CVE-2024-8069 affects Citrix Session Recording and is described as a deserialization of untrusted data vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog, so defenders should treat it as a priority remediation item and follow Citrix guidance immediately.
CVE-2024-8068 is a Citrix Session Recording improper privilege management vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. That KEV listing indicates the issue is considered actively exploited, so organizations using Citrix Session Recording should prioritize remediation and follow vendor guidance immediately. CISA’s entry sets a remediation due date of 2025-09-15.
CVE-2025-5777 affects Citrix NetScaler ADC and Gateway and is described as an out-of-bounds read vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-07-10, indicating active exploitation and noting known ransomware campaign use.
CVE-2025-6543 is a Citrix NetScaler ADC and Gateway buffer overflow vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-06-30. The supplied corpus indicates known exploitation and directs defenders to apply vendor mitigations promptly. Because the public details provided here are limited, the most reliable defensive posture is to treat affected NetScaler deployments as urg [truncated]
CVE-2023-6549 is a Citrix NetScaler ADC and NetScaler Gateway buffer overflow vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2024-01-17. For defenders, the key signal is not just the weakness class but the KEV status: CISA set a remediation due date of 2024-02-07 and instructed organizations to apply vendor mitigations or discontinue use if mitigations are unavailable.
CVE-2023-6548 is a Citrix NetScaler ADC and NetScaler Gateway code injection vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-01-17. Because it is in KEV, affected organizations should treat it as a high-priority issue and follow Citrix’s vendor guidance immediately; CISA says to apply mitigations per vendor instructions or discontinue use if mitigations are unavailable.
CVE-2023-4966 is a Citrix NetScaler ADC and NetScaler Gateway buffer overflow vulnerability that was publicly recorded on 2023-10-18 and added to CISA’s Known Exploited Vulnerabilities catalog the same day. CISA marks it as known exploited, with known ransomware campaign use, and sets a remediation due date of 2023-11-08. Organizations running affected NetScaler deployments should treat this as an urgent [truncated]
CVE-2023-24489 is a Citrix Content Collaboration / ShareFile improper access control vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2023-08-16. Because it is in KEV, organizations should treat it as urgent and follow Citrix mitigation guidance immediately. If mitigation is not available in your environment, CISA’s guidance is to discontinue use of the product.
CVE-2023-3519 is a Citrix NetScaler ADC and NetScaler Gateway code injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-07-19. Because it is listed in KEV and marked as having known ransomware campaign use, defenders should treat it as an active, high-priority exposure. The supplied official guidance is to apply vendor mitigations immediately or discontinue use of [truncated]
CVE-2022-27518 is an authentication bypass vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-12-13, which means defenders should treat it as an active risk and follow vendor update guidance without delay.
CVE-2021-22941 is an improper access control vulnerability in Citrix ShareFile. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-25 and marked it as having known ransomware campaign use. For defenders, this makes ShareFile deployments a time-sensitive patching and verification priority.
CVE-2019-12991 is a command injection vulnerability affecting Citrix SD-WAN and NetScaler. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-25, which means it should be treated as actively exploited and remediated urgently. The CISA entry directs defenders to apply updates per vendor instructions.
CVE-2019-12989 is a Citrix SQL injection vulnerability affecting SD-WAN and NetScaler products. CISA lists it in the Known Exploited Vulnerabilities catalog, which means it has been identified as actively exploited in the wild. The official defensive guidance in the supplied source is to apply updates per the vendor’s instructions.
CVE-2017-6316 is a Citrix multiple-products remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog. Because it is listed as known exploited, organizations using the affected Citrix products should treat remediation as urgent and follow vendor update instructions.
CVE-2020-8196 is a Citrix information disclosure vulnerability affecting Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP appliances. In the supplied source data, CISA lists it in the Known Exploited Vulnerabilities catalog and instructs organizations to apply updates per vendor instructions. Because it is a KEV item, it should be treated as a priority remediation item, especially on inter [truncated]
CVE-2020-8195 is a Citrix information disclosure vulnerability affecting Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance deployments. CISA added it to the Known Exploited Vulnerabilities catalog, which means defenders should treat it as a real-world risk and prioritize remediation using vendor guidance.
CVE-2020-8193 is a Citrix authorization bypass vulnerability affecting Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP appliances. CISA added it to the Known Exploited Vulnerabilities catalog on 2021-11-03, which makes it a high-priority issue for defenders even though the supplied corpus does not include a CVSS score or deeper technical detail. Systems that provide external access or aut [truncated]
CVE-2019-19781 is a Citrix code execution vulnerability affecting Citrix ADC, Gateway, and SD-WAN WANOP Appliance. CISA classifies it as a Known Exploited Vulnerability and notes known ransomware campaign use, so defenders should treat remediation as urgent.
CVE-2019-13608 is a Citrix StoreFront Server XML External Entity (XXE) processing vulnerability that CISA has listed in its Known Exploited Vulnerabilities catalog. CISA also marks it as associated with known ransomware campaign use, which makes this a high-priority remediation item for any exposed Citrix StoreFront Server deployment.
CVE-2019-11634 is a Citrix Workspace Application and Receiver for Windows remote code execution vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. The KEV record indicates known ransomware campaign use, so this issue should be treated as a high-priority remediation item for any environment still running the affected Citrix client software.
CVE-2016-9637 is a high-severity Xen vulnerability tied to the ioport_read and ioport_write functions when qemu is used as the device model. According to the NVD record, an out-of-range I/O port access could let a local x86 HVM guest OS administrator gain qemu process privileges. The CVE was published on 2017-02-17 and is referenced by Xen, Citrix, Red Hat, Debian LTS, and Gentoo advisories.
CVE-2017-5933 is a Citrix NetScaler ADC and NetScaler Gateway weakness involving random GCM nonce generation. According to the CVE record, the issue can make it easier for a remote attacker to recover information needed to spoof data in an affected session. NVD rates it CVSS 3.0 5.9 (Medium) with network access, no privileges, and no user interaction required, but with high attack complexity.
CVE-2017-5573 describes a task-control issue in Linux Foundation xapi as used by Citrix XenServer through 7.0. According to the CVE record, an authenticated read-only administrator can cancel tasks started by other administrators. The NVD record rates the issue Medium with an integrity-focused impact profile (no confidentiality or availability impact recorded).
CVE-2017-5572 is a Citrix XenServer issue in the Linux Foundation xapi component that allows an authenticated read-only administrator to corrupt the host database. NVD rates the issue medium severity and lists impacted XenServer versions as 6.0.2, 6.2.0, 6.5, and 7.0. Because the attack requires high privileges, this is not a public, unauthenticated exposure, but it can still threaten host integrity and a [truncated]
CVE-2016-10024 is a local denial-of-service flaw in Xen and related Citrix XenServer builds. A privileged x86 paravirtualized guest kernel administrator can asynchronously modify the instruction stream during certain kernel operations, which can hang or crash the host.
CVE-2016-9386 is a high-severity privilege-escalation issue in Xen’s x86 emulator. According to the NVD description, the emulator does not properly treat x86 NULL segments as unusable when accessing memory, which can lead to unexpected base/limit values and may let a local HVM guest user gain elevated privileges. The vulnerability was publicly disclosed on 2017-01-23 and is documented in Xen and Citrix ad [truncated]
CVE-2016-9383 is a high-severity Xen hypervisor flaw published on 2017-01-23. On affected 64-bit Xen hosts, a local x86 guest user can abuse broken emulation of bit test instructions to modify arbitrary memory in the host context, which can lead to data disclosure, host crashes, or code execution on the host.
CVE-2016-9381 is a high-severity race condition (a double-fetch issue) in Xen’s QEMU-related handling that can allow privilege escalation from inside an affected x86 HVM guest. The NVD record rates it CVSS 7.5 and maps it to CWE-362. If you operate XenServer or QEMU-based Xen deployments, this is the kind of issue that should be treated as a priority patching item, especially where guest administrators ar [truncated]
CVE-2016-9380 affects Xen’s pygrub boot loader emulator and can let a local guest OS administrator influence host-side file handling when nul-delimited output is requested. The impact is serious because the flaw can expose or remove arbitrary files on the host, crossing the guest-to-host boundary.
CVE-2016-9379 is a high-severity Xen pygrub issue that can cross the guest-to-host boundary. According to the official record, when pygrub is asked for S-expression output, a guest OS administrator using pygrub can leverage quotes and S-expressions in the bootloader configuration file to read or delete arbitrary files on the host. The risk is limited to local use with elevated guest-side privileges, but t [truncated]
CVE-2016-9680 is a high-severity information disclosure issue in Citrix Provisioning Services. According to the supplied description and NVD data, versions before 7.12 can expose sensitive information from kernel memory through unspecified vectors. The NVD record identifies multiple affected 7.x releases and rates the issue as network-exploitable with high confidentiality impact.
CVE-2016-9679 is a critical memory-corruption issue in Citrix Provisioning Services. According to the NVD record, versions before 7.12 are affected, with multiple 7.x releases explicitly listed as vulnerable. The flaw can let an attacker execute arbitrary code by overwriting a function pointer, and the CVSS vector indicates network access with no privileges or user interaction required.
CVE-2016-9678 is a critical use-after-free vulnerability in Citrix Provisioning Services. NVD lists affected releases from 7.0 through 7.11, with remediation implied by the vendor guidance and the product fix threshold of 7.12. The published record describes potential arbitrary code execution, and the CVSS 3.0 vector indicates a network-reachable issue with no privileges or user interaction required.
CVE-2016-9677 is a Citrix Provisioning Services information-disclosure issue published on 2017-01-18. The NVD record describes a leak of sensitive kernel address information through unspecified vectors in Citrix Provisioning Services before 7.12. The issue is rated Medium (CVSS 5.3) and is categorized as CWE-200. No KEV listing or ransomware association is provided in the supplied corpus.
CVE-2016-9676 is a critical buffer overflow affecting Citrix Provisioning Services. The NVD record and Citrix vendor advisory indicate that versions before 7.12 are affected, with vulnerable CPEs listed for 7.0, 7.1, 7.6, 7.7, 7.8, 7.9, and 7.11. The issue is rated CVSS 9.8 with a network attack vector and no privileges or user interaction required, so exposed deployments should be treated as urgent patch candidates.
